Vulnerabilities in Snyk
15 results

- CVE-2019-10744 (EPSS 5.0%): Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modif...
- CVE-2019-10760 (EPSS 2.9%): safer-eval before 1.3.2 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execut...
- CVE-2019-10791 (EPSS 2.0%): promise-probe before 0.10.0 allows remote attackers to perform a command injection attack. The file, outputFile and options functions can be...
- CVE-2019-10759 (EPSS 1.8%): safer-eval before 1.3.4 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execut...
- CVE-2019-10781 (EPSS 1.4%): In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the `sanitize()` and the `validate()` function used wit...
- CVE-2019-10797 (EPSS 1.2%): Netty in WSO2 transport-http before v6.3.1 is vulnerable to HTTP Response Splitting due to HTTP Header validation being disabled.
- CVE-2019-10793 (EPSS 1.1%): dot-object before 2.1.3 is vulnerable to Prototype Pollution. The set function could be tricked into adding or modifying properties of Objec...
- CVE-2019-10795 (EPSS 1.1%): undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The 'a' function could be tricked into adding or modifying properties of Object...
- CVE-2019-10792 (EPSS 1.0%): bodymen before 1.1.1 is vulnerable to Prototype Pollution. The handler function could be tricked into adding or modifying properties of Obje...
- CVE-2019-10794 (EPSS 0.7%): All versions of component-flatten are vulnerable to Prototype Pollution. The a function could be tricked into adding or modifying properties...
- CVE-2023-1065 (MEDIUM, EPSS 0.6%): This vulnerability in the Snyk Kubernetes Monitor can result in irrelevant data being posted to a Snyk Organization, which could in turn obf...
- CVE-2023-1767 (MEDIUM, EPSS 0.5%): The Snyk Advisor website (https://snyk.io/advisor/) was vulnerable to a stored XSS prior to 28th March 2023. A feature of Snyk Advisor is to...
- CVE-2024-48963 (HIGH, EPSS 0.4%): The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted PHP project. The vulnerability can be trigge...
- CVE-2024-48964 (HIGH, EPSS 0.4%): The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be tri...
- CVE-2024-21571 (HIGH, EPSS 0.2%): Snyk has identified a remote code execution (RCE) vulnerability in all versions of Code Agent. The vulnerability enables an attacker to exec...